The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Decryption keys

DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions

DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions

October 24, 2017Mohit Kumar
DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack . The vulnerability affects products from dozens of vendors, including Fortinet , Cisco, TechGuard, whose devices rely on ANSI X9.31 RNG — an outdated pseudorandom number generation algorithm — 'in conjunction with a hard-coded seed key.' Before getting removed from the list of FIPS-approved pseudorandom number generation algorithms in January 2016, ANSI X9.31 RNG was included into various cryptographic standards over the last three decades. Pseudorandom number generators (PRNGs) don’t generate random numbers at all. Instead, it is a deterministic algorithm that produces a sequence of bits based on initial secret values called a
Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices

Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices

October 17, 2017Swati Khandelwal
If you think KRACK attack for WiFi is the worst vulnerability of this year, then hold on… ...we have got another one for you which is even worse. Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies. It's noteworthy that this crypto-related vulnerability (CVE-2017-15361) doesn't affect elliptic-curve cryptography and the encryption standard itself, rather it resides in the implementation of RSA key pair generation by Infineon's Trusted Platform Module (TPM). Infineon's Trusted Platform Module (TPM) is a widely-used, dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and is used for secured crypto processes. This 5-year-old algorithmic vulnerability was discovered by security researchers at Masaryk University in the Czech Republic, who have relea
WannaCry Coding Mistakes Can Help Files Recovery Even After Infection

WannaCry Coding Mistakes Can Help Files Recovery Even After Infection

June 02, 2017Swati Khandelwal
Last month  WannaCry ransomware  hit more than 300,000 PCs across the world within just 72 hours by using its self-spreading capabilities to infect vulnerable Windows PCs, particularly those using vulnerable versions of the OS, within the same network. But that doesn't mean WannaCry was a high-quality piece of ransomware. Security researchers have recently discovered some programming errors in the code of the WannaCrypt ransomware worm that might allow victims to restore their locked files without paying for any decryption key. After deeply analysing the WannaCry code, security company at Kaspersky Lab found that the ransomware was full of mistakes that could allow some of its victims to restore their files with publicly available free recovery tools or even with simple commands. Anton Ivanov, senior malware analyst at Kaspersky Lab, along with colleagues Fedor Sinitsyn and Orkhan Mamedov, detailed three critical errors made by WannaCry developers that could allow sysadmi
WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

May 19, 2017Swati Khandelwal
If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals. Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems. WannaCry Ransomware Decryption Keys The WannaCry's encryption scheme works by generating a pair of keys on the victim's computer that rely on prime numbers, a "public" key and a "private" key for encrypting and decrypting the system’s files respectively. To prevent the victim from accessing the private key and decrypting locked files himself, WannaCry erases the key from the system, leaving no choice for the victims to retrieve the decryption key except paying the ransom to
This Ransomware Unlocks Your Files For Free If You Infect Others

This Ransomware Unlocks Your Files For Free If You Infect Others

December 09, 2016Mohit Kumar
Is your PC infected with Ransomware? Either pay the ransom amount to the attacker or spread the infection further to get the decryption keys. Yes, this new technique has been employed by cyber criminals with the latest round of ransomware threat, dubbed Popcorn Time. Initially discovered by MalwareHunterTeam , the new Popcorn Time Ransomware has been designed to give the victim's a criminal way of getting a free decryption key for their encrypted files and folders. Popcorn Time works similar to other popular ransomware threats, such as the Crysis Ransomware and TeslaCrypt, that encrypt various data stored on the infected computer and ask victims to pay a ransom amount to recover their data. But to get their important files back, Popcorn Time gives victims option to pay a ransom to the cyber criminal or infect two other people and have them pay the ransom to get a free decryption key. What's even worse? The victims are encouraged to pay the ransom of 1 Bitcoin (~$75
DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk

DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk

March 01, 2016Swati Khandelwal
A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer (SSLv2). Dubbed DROWN , the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS communications, including passwords and credit card details… ...and that too in a matter of hours or in some cases almost immediately, a team of 15 security researchers from various universities and the infosec community warned Tuesday. Here’s what the security researchers said: "We've been able to execute the attack against OpenSSL versions that are vulnerable to CVE-2016-0703 in under a minute using a single PC. Even for servers that do not have these particular bugs, the general variant of the attack, which works against any SSLv2 server, can be conducted in under 8 hour
How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room

How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room

February 16, 2016Swati Khandelwal
Air-gapped computers that are believed to be the most secure computers on the planet have become a regular target for researchers in recent years. Air-gap computers are one that are isolated from the Internet or any other computers that are connected to the Internet or external network, so hackers can’t remotely access their contents. But you need to think again before calling them ' Safe .' A team of security researchers from Tel Aviv University and Technion have discovered a new method to steal sensitive data from a target air-gapped computer located in another room. The team is the same group of researchers who had experimented a number of different methods to extract data from a computer. Last year, the team demonstrated how to extract secret decryption keys from computers using just a radio receiver and a piece of pita bread. In 2014, the team devised a special digitizer wristband that had the ability to extract the cryptographic key used to secu
CryptoWall Ransomware raised $325 Million in Revenue for Its Developer

CryptoWall Ransomware raised $325 Million in Revenue for Its Developer

October 30, 2015Mohit Kumar
The Creators of the notorious CryptoWall ransomware virus have managed to raise more than $325 million (£212 million) in this past year alone. Ransomware has emerged as one of the biggest cyber threats to web users in recent times. Typically, hackers primarily gain access to a user's computer system using a ransomware malware, which encrypts all files with a strong cryptographic algorithm, and demand a ransom money to be paid in Bitcoin, typically between $200 and $10,000. In June 2014, researchers first discovered the CryptoWall ransomware attack, and currently, the latest CryptoWall version 3.0 (CW3) is the most sophisticated and complex family of this malware backed by a very robust back-end infrastructure. Must Read:   FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money' According to the latest report  ( pdf ) published by Cyber Threat Alliance (CTA) , an industry group formed last year to study emerging threats, researchers have disco
TrueCrypt Encryption Software Has Two Critical Flaws: It's time to Move On

TrueCrypt Encryption Software Has Two Critical Flaws: It's time to Move On

October 01, 2015Khyati Jain
If you are among thousands of privacy-conscious people who are still using ‘ no longer available ’ TrueCrypt Encryption Software , then you need to pay attention. Two critical security vulnerabilities have been discovered in the most famous encryption tool, TrueCrypt, that could expose the user’s data to hackers if exploited. TrueCrypt was audited earlier this by a team of Security researchers and found to be backdoor-free . James Forshaw , Security researcher with Google’s Project Zero — which looks for zero-day exploits — has found a pair of privilege elevation flaws in TrueCrypt package. Last year, TrueCrypt project was dropped after its mysterious developers had claimed the Windows disk-encryption software had ‘ unfixed security issues ’. TrueCrypt is a widely-used ‘ On-the-Fly ’ Open source Hard disk encryption program. Reportedly, TrueCrypt vulnerabilities would not directly allow an attacker to decrypt drive data. Instead, successful exploitation
Free CryptoLocker Ransomware Decryption Tool Released

Free CryptoLocker Ransomware Decryption Tool Released

August 07, 2014Swati Khandelwal
When I say Ransomware, the first nasty piece of malware strikes in the mind is CryptoLocker . A nasty strain of ransomware malware that threatened most of the people around the world by effectively destroying important files of the victims forever. CRYPTOLOCKER - A DEVASTATING THREAT CryptoLocker is a simple rather a devastating piece of Ransomware that encrypts the files on a victim’s computer and issues an ultimatum - Pay up or lose your data. CryptoLocker is particularly designed to extort money from computer users by holding computer files hostage until the computer user pays a ransom fee to get them back. Cryptolocker hijacker sniffs out your personal files and wraps them with strong AES-256-bit encryption before it demands money. HOW TO DECRYPT CRYPTOLOCKER? FREE TOOL RELEASED Thanks to security experts, who created an online service where victims whose systems have been encrypted by the CryptoLocker ransomware can get the decryption keys for free. This o
Student Decrypts Simplocker Android Ransomware that Encrypts Files

Student Decrypts Simplocker Android Ransomware that Encrypts Files

June 17, 2014Swati Khandelwal
In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has ability to encrypt the files using Advanced Encryption Standard (AES) on the Android device SD cards demanding users pay a ransom of 260 UAH ( Ukrainian hryvnias ), which is roughly equal to $21 US, for those files to be decrypted. To hide their track, the malware author is using the Command-and-Control server hosted on TOR .onion domain, which makes it difficult to trace the server's physical location or determine who is operating it. The malware collects information about the users’ phone such as IMEI number, Operating System, phone model and manufacturer to send it all to Command-and-Control server. STUDENT CRACKS SIMPLOCKER RANSOMWARE Now, an undergraduate stu
Dumb Ransomware Developer leaves Decryption Keys on Infected Computers

Dumb Ransomware Developer leaves Decryption Keys on Infected Computers

April 02, 2014Swati Khandelwal
So, How do Hackers compromise a Website? Simply by exploiting the flaws in it, that means they took advantage of the error in the developers’ code. Now, this time the hackers itself has left behind a crucial flaw in its malware code which can be exploited by us to help save our computer systems. Believe me, it’s not an April Fools’ joke! A malicious software program that holds the victims’ computer files hostage by wrapping them with strong encryption until the victim pays a ransom fee to get them decrypted, has a critical flaw in its malware code itself that it leaves the decryption key on the victim’s computer. The Anti-virus firm Symantec examined a sophisticated malware program dubbed as CryptoDefense (Trojan.Cryptodefense) ransomware , which appeared in the end of the last month. CryptoDefense is one of the complex malware programs that include a number of effective techniques, including Tor anonymity tool usage and Bitcoin digital currency to extort money from victims. Cryp
LOCKER Malware - Yet another new variant of Cryptolocker Ransomware

LOCKER Malware - Yet another new variant of Cryptolocker Ransomware

December 13, 2013Mohit Kumar
Ransomware , a t hreat to internet users that continues to grow in popularity with cyber criminals due to its success and monetary potential. This is nothing new and to be expected. I have noticed many discussions on underground hacking forums about " How to create Ransomware like Cryptolocker malware " or " Malware - hacking tool-kit with ransomware features ". Security intelligence provider,  IntelCrawler has discovered  a new ransomware variant called Locker that demands $150 (£92) to restore files that it has encrypted. Like Cryptolocker , this new ransomware is also nasty because infected users are in danger of losing their personal files forever. Locker mainly spreads by drive-by downloads from compromised websites, disguised itself as MP3 files and use system software vulnerabilities to infect the end user. Once it has infected a system, malware first checks the infected machine has an internet connection or not. Then it deletes any original files from t
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.